Version:

Version:

Version:


Table of Contents

FortiGate-7000F Handbook

Download PDF
Copy Link

Device failure

If the primary FortiGate-7000F encounters a problem that is severe enough to cause it to fail, the secondary FortiGate-7000F becomes new primary FortiGate-7000F. This occurs because the secondary FortiGate-7000F is constantly waiting to negotiate to become primary FortiGate-7000F. Only the heartbeat packets sent by the primary FortiGate-7000F keep the secondary FortiGate-7000F from becoming the primary FortiGate-7000F. Each received heartbeat packet resets a negotiation timer in the secondary FortiGate-7000F. If this timer is allowed to run out because the secondary FortiGate-7000F does not receive heartbeat packets from the primary FortiGate-7000F, the secondary FortiGate-7000F assumes that the primary FortiGate-7000F has failed and becomes the primary FortiGate-7000F.

The new primary FortiGate-7000F will have the same MAC and IP addresses as the former primary FortiGate-7000F. The new primary FortiGate-7000F then sends gratuitous ARP packets out all of its connected interfaces to inform attached switches to send traffic to the new primary FortiGate-7000F. Sessions then resume with the new primary FortiGate-7000F.

Device failure

If the primary FortiGate-7000F encounters a problem that is severe enough to cause it to fail, the secondary FortiGate-7000F becomes new primary FortiGate-7000F. This occurs because the secondary FortiGate-7000F is constantly waiting to negotiate to become primary FortiGate-7000F. Only the heartbeat packets sent by the primary FortiGate-7000F keep the secondary FortiGate-7000F from becoming the primary FortiGate-7000F. Each received heartbeat packet resets a negotiation timer in the secondary FortiGate-7000F. If this timer is allowed to run out because the secondary FortiGate-7000F does not receive heartbeat packets from the primary FortiGate-7000F, the secondary FortiGate-7000F assumes that the primary FortiGate-7000F has failed and becomes the primary FortiGate-7000F.

The new primary FortiGate-7000F will have the same MAC and IP addresses as the former primary FortiGate-7000F. The new primary FortiGate-7000F then sends gratuitous ARP packets out all of its connected interfaces to inform attached switches to send traffic to the new primary FortiGate-7000F. Sessions then resume with the new primary FortiGate-7000F.